Skip to content

Fix KeyStoreException crash on Nexus 5 devices (MOB-11856) #934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Fix KeyStoreException crash on Nexus 5 devices (MOB-11856) #934

wants to merge 5 commits into from

Conversation

sumeruchat
Copy link
Collaborator

@sumeruchat sumeruchat commented Aug 8, 2025
edited by jira bot
Loading

Problem

The Android SDK was crashing on Nexus 5 devices during initialization with:

java.security.KeyStoreException: Entry must be a PrivateKeyEntry or TrustedCertificateEntry; was SecretKeyEntry: algorithm - AES

This occurs because older Android KeyStore implementations (like on Nexus 5/API 23) don't support SecretKeyEntry for AES keys - they only support PrivateKeyEntry and TrustedCertificateEntry.

Related Ticket: MOB-11856

Solution

Minimal fix - added try-catch around IterableDataEncryptor() initialization in the keychain:

try {
    encryptor = IterableDataEncryptor()
    IterableLogger.v(TAG, "SharedPreferences being used with encryption")
} catch (e: Exception) {
    IterableLogger.e(TAG, "Failed to initialize encryption, falling back to plain text", e)
    handleDecryptionError(e)
    return
}

What happens now on Nexus 5:

  1. IterableDataEncryptor() constructor fails with KeyStoreException
  2. Exception is caught in keychain initialization
  3. handleDecryptionError() is called → encryption disabled permanently
  4. App continues working with plain text storage instead of crashing

Changes:

  • 7 lines added to IterableKeychain.kt - wrap encryptor creation in try-catch
  • 52 lines test added - documents and verifies the fix behavior
  • No breaking changes to existing encryption/decryption logic

Testing

  • All existing unit tests pass
  • New test testEncryptorInitializationFailureScenario() validates fallback behavior
  • Verifies plaintext storage works after encryption initialization failure

Manual Test Plan

  1. API 23 Emulator Test:

    • Create Nexus 5 API 23 emulator
    • Install app with SDK
    • ✅ No crash on initialization
    • ✅ App works with plain text storage fallback

  2. Functionality Test:

    • Login/logout flows work normally
    • Data persistence functions correctly
    • Encryption gracefully disabled when unavailable

Resolves MOB-11856

@sumeruchat
Fix KeyStoreException crash on Nexus 5 devices
2d60a7b 
- Wrap keyStore.setEntry() in try-catch to handle SecretKeyEntry not supported
- Add encryptor initialization error handling in keychain with graceful fallback
- Resolves MOB-11856 with minimal changes
@sumeruchat
Fix KeyStoreException crash on Nexus 5 devices
c273c29 
- Add encryptor initialization error handling in keychain with graceful fallback
- KeyStoreException bubbles up naturally and gets handled properly
- Resolves MOB-11856 with truly minimal changes
@sumeruchat
Add unit test for MOB-11856 KeyStore initialization failure
2f78229 
- Test documents expected behavior when IterableDataEncryptor initialization fails
- Verifies graceful fallback to plaintext storage continues to work
- Ensures app functionality is maintained after encryption failure
@sumeruchat
Remove unnecessary whitespace change from IterableDataEncryptor
380e4d0 
- Reset IterableDataEncryptor.kt to match master exactly
- Only IterableKeychain.kt and test should have changes for minimal fix
@sumeruchat sumeruchat marked this pull request as ready for review August 8, 2025 15:02
Ayyanchira
Ayyanchira reviewed Aug 14, 2025
View reviewed changes
iterableapi/src/main/java/com/iterable/iterableapi/IterableKeychain.kt
Comment on lines -44 to +51
encryptor = IterableDataEncryptor()
IterableLogger.v(TAG, "SharedPreferences being used with encryption")
try {
encryptor = IterableDataEncryptor()
IterableLogger.v(TAG, "SharedPreferences being used with encryption")
} catch (e: Exception) {
IterableLogger.e(TAG, "Failed to initialize encryption, falling back to plain text", e)
handleDecryptionError(e)
return
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is good. It actually prevents crashes which were reproducible

Ayyanchira
Ayyanchira reviewed Aug 14, 2025
View reviewed changes
iterableapi/src/test/java/com/iterable/iterableapi/IterableKeychainTest.kt
Comment on lines +398 to +401
`when`(mockSharedPrefs.getString(eq("iterable-email"), isNull())).thenReturn(testEmail)
`when`(mockSharedPrefs.getString(eq("iterable-user-id"), isNull())).thenReturn(testUserId)
`when`(mockSharedPrefs.getBoolean(eq("iterable-email_plaintext"), eq(false))).thenReturn(true)
`when`(mockSharedPrefs.getBoolean(eq("iterable-user-id_plaintext"), eq(false))).thenReturn(true)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test is artificially forcing the behavior it wants to test:
It mocks getString() to return the test values
It mocks getBoolean() to return true for the _plaintext flags
Then it calls the methods and verifies they work

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay will fix

Ayyanchira
Ayyanchira approved these changes Aug 14, 2025
View reviewed changes
Copy link
Member

@Ayyanchira Ayyanchira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. However, test methods might be misleading.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ayyanchira Ayyanchira Ayyanchira approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sumeruchat @Ayyanchira